Chrome Gets Hacked at CanSecWest, Google Pays out to Hacker

By Steve Anderson March 08, 2012

An exploit never before seen just meant one big payday for a Russian student named Sergey Glazunov, who took said exploit and managed to hack a computer running Google's Chrome browser. And while the concept may seem straight out of a William Gibson work, the execution is all too real.

Basically, Glazunov's exploit bypassed what's known as the “sandbox” restriction on Chrome, which would, under normal circumstances, keep a hacker from the rest of the computer, even if he or she had managed to breach the browser itself. Glazunov's exploit, therefore, allowed him to go in through the browser, and from there, to the rest of the computer.

Google had previously established a prize system for hacking competitions, where winners would receive payouts on any tricks that could be found to do exactly what Glazunov's exploit managed to do, and the events of the Pwnium Competition at the CanSecWest security conference in Vancouver proved no different. Glazunov took home one of the $60,000 prizes, as reportedly part of a graduated prize system depending on how much of the exploit was previously known. Glazunov was required to keep mum on just what it was he did, as well as turn over all research involved in the development of said exploit, so that Google can fix the resulting breach and ensure that no one else will be able to get in the same way Glazunov did, not even Glazunov himself.

Competitions like this are, I'd say, a good idea in general. If you've got a whole bunch of people with a vested interest in cracking open a browser or similar piece of software and using it to nefarious ends, why not get all those people together in the same room and watch them go at it? Offering a healthy cash prize, at least a year's salary in many jobs, certainly doesn't hurt, and not only are you controlling losses on your end, but you're also providing protection against a future maelstrom of bad publicity by actively working to prevent all those black hat types out there from using your software to break into people's computers and cause no end of harm.

Hopefully more companies will follow Google's lead on this one — some already have — and we'll see a lot more hacking competitions and a lot fewer actual hackings.




Edited by Rich Steeves

Contributing TechZone360 Writer

SHARE THIS ARTICLE
Related Articles

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More

Putting the Flow into Workflow, Paessler and Briefery Help Businesses Operate Better

By: Cynthia S. Artin    9/14/2018

The digital transformation of business is generating a lot of value, through more automation, more intelligence, and ultimately more efficiency.

Read More

From Mainframe to Open Frameworks, Linux Foundation Fuels Up with Rocket Software

By: Special Guest    9/6/2018

Last week, at the Open Source Summit, hosted by The Linux Foundation, the Open Mainframe Project gave birth to Zowe, introduced a new open source soft…

Read More

Unified Office Takes a Trip to the Dentist Office

By: Cynthia S. Artin    9/6/2018

Not many of us love going to see the dentist, and one company working across unified voice, productivity and even IoT systems is out to make the exper…

Read More

AIOps Outfit Moogsoft Launches Observe

By: Paula Bernier    8/30/2018

Moogsoft Observe advances the capabilities of AIOps to help IT teams better manage their services and applications in the face of a massive proliferat…

Read More